[Zope] Re: root privileges required
Vangelis Mihalopoulos
mihalop at vtrip.net
Wed Jul 28 13:03:19 EDT 2004
On 28 Jul 2004, Ken Manheimer wrote:
> That's key, though. Your application is going to be a less attractive
> target for attacks than zope to the degree that it is a less prevalent
> application than zope. This doesn't mean that you shouldn't be careful to
> make your application secure - but it does mean that you have a lot more
> lattitude than zope, the application, to provide for your special
> local-host security concerns.
I agree with you. But what if i am implementing a file manager? With
capabilities like upload/downloading any file in all filesystems? Even if
i implement a privileged XML-RPC server which only listens requests from
the local host (from Zope that is), i don't think security is tighter. If
someone breaks into [the non-privileged] Zope, he can still use the
privileged server to do as much harm as he pleases.
I believe it comes down to what exactly are the privileged actions. If it
is simply a very specific task that would not compromise the whole system
security, that model is a "must". But if the privileged actions are more
generic, with abilities to harm the whole system, then running Zope as
root is of no importance.
Thanks for your answer,
Vangelis
More information about the Zope
mailing list